From 0c9dba16bbd10762844a9be196e7fa032083e9cf Mon Sep 17 00:00:00 2001
From: devthejo <devthejo@protonmail.com>
Date: Tue, 7 Jan 2025 10:09:23 +0100
Subject: [PATCH] fix(ci-cd): use token-bureau

---
 .github/workflows/release.yaml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c50c94a7..7a97e6c6 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -5,15 +5,25 @@ on:
   push:
     branches: [master, alpha, beta, next]
 
+permissions:
+  id-token: write  # Required for OIDC token generation
+
 jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
     steps:
 
+    - name: Get GitHub App Token
+      id: token
+      uses: SocialGouv/token-bureau@main
+      with:
+        token-bureau-url: http://token-bureau.fabrique.social.gouv.fr
+        audience: socialgouv
+
     - uses: socialgouv/workflows/actions/semantic-release@v1
       with:
         author-name: ${{ secrets.SOCIALGROOVYBOT_NAME }}
         author-email: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
-        github-token: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
+        github-token: ${{ steps.token.outputs.token }}